Policy Post 5.15 | CDT Delivers Report on Online Privacy Seals and Practices to the Senate



=============================================================
C D T   P O L I C Y   P O S T
***********************************************************************
A BRIEFING ON PUBLIC POLICY ISSUES
AFFECTING CIVIL LIBERTIES ONLINE
from
THE CENTER FOR DEMOCRACY AND TECHNOLOGY
***********************************************************************
Volume 5, Number 15      July 27, 1999
=============================================================

CONTENTS:
(1) CDT Delivers Report on Online Privacy Seals and Practices to the Senate
(2) Children's Privacy Law Under Examination at FTC
(3) Federal Government Explores Privacy in Its Use of Digital Signatures
(4) Subscription Information
(5) About the Center for Democracy and Technology

** This document may be redistributed freely with this banner intact **
Excerpts may be re-posted with permission of ari@cdt.org
This document is also available at:
http://www.cdt.org/publications/pp_5.14.html
_______________________________________________________________________

(1) CDT DELIVERS REPORT ON ONLINE PRIVACY SEALS AND PRACTICES TO THE SENATE

CDT staff counsel Deirdre Mulligan testified on July 27 before a Senate
Commerce Subcommittee and released a new CDT report, "Behind the Numbers:
Privacy Practices on the Web." The report concludes that Fair Information
Practices continue to be the exception rather than the rule on the World
Wide Web; private sector enforcement programs cover a very small segment of
commercial Web sites; and individuals' concerns about privacy online remain
only partially addressed.

One section of the CDT report examines the so-called "privacy seal" programs --
BBBOnline, TRUSTe, and WebTrust.  The report finds that the programs have
significantly improved their criteria, but still fall short of addressing
consumers' documented privacy concerns.  Moreover, the reach of the seal
programs is quite small -- approximately 900 Web sites out of an estimated
3.6 million commercial Web sites.

It is clear, the CDT report concludes, that adequate, widespread and
enforceable privacy practices have not emerged on the Internet.  In light
of these findings, CDT reiterated its belief that baseline privacy
legislation is both necessary and inevitable for the Internet. The Online
Privacy Protection Act (S. 809) introduced by Senators Burns and Wyden
could serve as a starting point for the effort to address privacy, but many
hard issues need to be resolved.

* CDT's Report "Behind the Numbers: Privacy Practices on the Web" is
available in PDF format at: http://www.cdt.org/privacy/990727privacy.pdf

* Deirdre Mulligan's testimony is available at: NEEDED ATTACHED

* For the text of the Online Privacy Protection Act (S. 809) and other
online privacy legislation, go to:
http://www.cdt.org/legislation/106th/privacy/

_______________________________________________________________________

(2) CHILDREN'S PRIVACY LAW UNDER EXAMINATION AT FTC

On July 20, the Federal Trade Commission held a public workshop on the
implementation of the "parental consent" provision of the Children's Online
Privacy Protection Act.  Under the 1998 law, which CDT worked on and supported,
commercial Web sites that are targeted to children, and those that know they
are dealing with a child, must, among other things, obtain "verifiable
parental consent" prior to collecting personal information from children.

CDT participated in the workshop AND URGED THE FTC TO ENSURE THAT THE
PROPOSED RULE does not unintentionally require parental consent in order
for children to
engage in anonymous or pseudononymous chat. CDTs comments on the FTC's Proposed
Rule for implementing the Act, urged the FTC to ensure that the Final
Rule:

* addresses the specific challenges to privacy posed by the Internet's
distributed architecture and global nature;
* responds to the diversity of entities, uses, and business models on the
Internet by clearly identifying the Act's coverage and scope; and,
* builds upon the interactive, real-time user-controlled nature of the
Internet.

CDT's comments on the Proposed Rule are available at: NEEDED -- ATTACHED
PLUS LINK TO RULE http://www.FTC.gov/os/1999/9904/childrensonlineprivacy.pdf
PUBLIC COMMENTS ON RULE http://www.FTC.gov/privacy/comments/index.html

 AND WORKSHOP AGENDA http://www.FTC.gov/os/1999/9907/agenda.htm

The Children's Online Privacy Protection Act is online at:
http://www.cdt.org/legislation/105th/privacy/coppa.html

_______________________________________________________________________

(3) FEDERAL GOVERNMENT EXPLORES PRIVACY IN ITS USE OF DIGITAL SIGNATURES

Digital authentication techniques such as digital signatures are likely to
play an important role in ecommerce and other online interactions.  Yet the
process of authenticating digital signatures poses serious privacy issues,
as certificate authorities and other providers of authentication services
occupy central positions on the Internet.

These privacy issues were brought to the fore by the Government Paper Work
Elimination Act (GPEA) of 1998, which requires federal agencies to
institute digital authentication policies in order to support the online
filing of forms and other documents required by the government. Last year,
CDT worked successfully to make sure that privacy language was included in
the GPEA.

Now the Office of Management and Budget is drafting guidance for agencies
to follow in implementing GPEA. OMB's guidelines appropriately instruct
agencies that the best way to comply with the privacy provision is to: 1)
limit the use of identity-based authentication systems to those where it is
absolutely necessary; 2) limit the amount of information collected; and 3)
maximize users' control over their information.

However, CDT believes that the OMB guidance should do more, including
making it clear that:

* Identification should not be portrayed as the only type of authentication.

* Technologies employed to comply with the law should, in their very
design, address privacy concerns.

CDT's full comments on the proposed GPEA guidance are available at:
http://www.cdt.org/digsig/gpe-comment.html

The Government Paperwork Elimination Act is online at:
http://www.cdt.org/legislation/105th/digsig/govnopaper.html
_______________________________________________________________________

(4) SUBSCRIPTION INFORMATION

Be sure you are up to date on the latest public policy issues affecting
civil liberties online and how they will affect you! Subscribe to the CDT
Policy Post news distribution list.  CDT Policy Posts, the regular news
publication of the Center for Democracy and Technology, are received by
Internet users, industry leaders, policymakers, the news media and
activists, and have become the leading source for information about
critical free speech and privacy issues affecting the Internet and other
interactive communications media.

To subscribe to CDT's Policy Post list, send mail to

     majordomo@cdt.org

In the BODY of the message (leave the SUBJECT LINE BLANK), type

     subscribe policy-posts

If you ever wish to remove yourself from the list, send mail to the above
address with NOTHING IN THE SUBJECT LINE and a BODY TEXT of:

    unsubscribe policy-posts


_______________________________________________________________________

(5) ABOUT THE CENTER FOR DEMOCRACY AND TECHNOLOGY/CONTACTING US

The Center for Democracy and Technology is a non-profit public interest
organization based in Washington, DC. The Center's mission is to develop
and advocate public policies that advance democratic values and
constitutional civil liberties in new computer and communications
technologies.

Contacting us:

General information:  info@cdt.org
World Wide Web:       http://www.cdt.org/


Snail Mail:  The Center for Democracy and Technology
             1634 Eye Street NW * Suite 1100 * Washington, DC 20006
             (v) +1.202.637.9800 * (f) +1.202.637.0968


-----------------------------------------------------------------------
End Policy Post 5.15
-----------------------------------------------------------------------